tlscert

Install LetsEncrypt in Ubuntu
2020-06-07 · 1 min read · sslcert tlscert letsencrypt ubuntu ·
Share on:
1sudo add-apt-repository ppa:certbot/certbot 2sudo apt-get update 3sudo apt-get install python-certbot-apache 4sudo certbot --apache -d one.example.com -d two.example.com If the above don't work, try this: 1sudo apt-get update 2sudo apt-get install software-properties-common 3sudo add-apt-repository universe 4sudo …

Read More
Manually generating LetsEncrypt certificate
2020-06-07 · 2 min read · sslcert tlscert manual letsencrypt ·
Share on:
In cases where you don't want to disrupt current production server, this is a good approach 1mkdir /opt/letsencrypt 2cd /opt/letsencrypt 3wget https://dl.eff.org/certbot-auto 4chmod a+x certbot-auto 5sudo ./certbot-auto --apache certonly Sample run as follows: 1[root@687elmp01 letsencrypt]# sudo ./certbot-auto --apache …

Read More
One Liner CSR Creation
2020-06-07 · 1 min read · sslcert tlscert csr ·
Share on:
1openssl req -new -newkey rsa:2048 -nodes -out this.example.com.csr -keyout this.example.com.key -subj "/C=PH/ST=Cebu/L=Cebu/O=Example Organization Cebu/OU=IT Department/CN=this.example.com" What to use in the "-subj' as per https://www.endpoint.com/blog/2014/10/30/openssl-csr-with-alternative-names-one C …

Read More
Oneline Letsencrypt Cert Creation
2020-06-07 · 1 min read · sslcert tlscert letsencrypt oneline ·
Share on:
1certbot --apache -d sub1.example.com -d sub2.example.com --agree-tos -m you@example.com --redirect If you're on nginx, use --nginx

Read More
Perfect Forward Secrecy Fix
2020-06-07 · 1 min read · sslcert tlscert perfect-forward-secrecy pfs ·
Share on:
Generate dhparam.pem 1openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096 Create /etc/nginx/conf.d/perfect-forward-secrecy.conf since all *.conf in /etc/nginx/conf.d: 1ssl_protocols TLSv1.2; 2ssl_prefer_server_ciphers on; 3ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 …

Read More
Remove Passphrase from Private Key
2020-06-07 · 1 min read · sslcert tlscert csr passhprase private-key ·
Share on:
1openssl rsa -in privateKey.pem -out newPrivateKey.pem

Read More
ssllabs.com test says that there's chain issues (Incorrect order, Extra certs)
2020-06-07 · 1 min read · sslcert tlscert chain-issue troubleshooting ·
Share on:
This could be an incorrect use of certificates. Make sure to use the following (translate to nginx if you're not using apache) 1SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem 2SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem 3Include /etc/letsencrypt/options-ssl-apache.conf …

Read More
TLS Best Practices
2020-06-07 · 1 min read · sslcert tlscert best-practices ·
Share on:
https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices

Read More
Unencrypt Private Key
2020-06-07 · 1 min read · sslcert tlscert private-key unencrypt ·
Share on:
1openssl rsa -in encrypted-private.key -out non-encrypted-private.key 2Enter pass phrase for encrypted-private.key: 3writing RSA key See https://knowledge.digicert.com/solution/SO5292.html

Read More
Weak Deffie-Hellman and a B rating in SSL Labs Test
2020-06-07 · 1 min read · sslcert tlscert csr deffie-hellman ssllabs troubleshoot ·
Share on:
You can fix it by creating .a 'dhparam' file as follows in nginx: 1cd /etc/ssl/certs 2openssl dhparam -dsaparam -out ./dhparam.pem 4096 NOTE: "-dsaparam" is significant. Otherwise, it would take creation of dhparam.pem almost 24hours or more. See …

Read More
- 1
- 2
- 3
- 4